CVE-2022-49563
📋 TL;DR
This vulnerability in the Linux kernel's QAT crypto driver allows an attacker to trigger an integer underflow when processing RSA encryption/decryption requests with oversized source buffers. This could lead to memory corruption or system crashes. Systems using Intel QuickAssist Technology (QAT) hardware acceleration for RSA operations are affected.
💻 Affected Systems
- Linux kernel with QAT driver
📦 What is this software?
Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →⚠️ Risk & Real-World Impact
Worst Case
Kernel panic or system crash leading to denial of service, with potential for memory corruption that could be leveraged for privilege escalation or arbitrary code execution in kernel context.
Likely Case
System instability, crashes, or denial of service affecting cryptographic operations on QAT-enabled systems.
If Mitigated
Minimal impact if systems don't use QAT RSA operations or have proper input validation in place.
🎯 Exploit Status
Exploitation requires ability to trigger RSA operations through the QAT driver with malicious input parameters.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Fixed in kernel commits: 4d6d2adce08788b7667a6e58002682ea1bbf6a79, 9714061423b8b24b8afb31b8eb4df977c63f19c4, f993321e50ba7a8ba4f5b19939e1772a921a1c42
Vendor Advisory: https://git.kernel.org/stable/c/4d6d2adce08788b7667a6e58002682ea1bbf6a79
Restart Required: Yes
Instructions:
1. Update Linux kernel to version containing the fix commits. 2. Reboot system to load new kernel. 3. Verify QAT driver is functioning correctly post-update.
🔧 Temporary Workarounds
Disable QAT RSA operations
linuxTemporarily disable QAT hardware acceleration for RSA operations
modprobe -r qat_rsa
echo 'blacklist qat_rsa' > /etc/modprobe.d/disable-qat-rsa.conf
🧯 If You Can't Patch
- Disable QAT hardware acceleration completely if not required
- Implement strict access controls to limit who can perform cryptographic operations
🔍 How to Verify
Check if Vulnerable:
Check kernel version and verify if QAT driver is loaded: lsmod | grep qatCheck Version:
uname -rVerify Fix Applied:
Verify kernel version includes fix commits and test RSA operations through QAT📡 Detection & Monitoring
Log Indicators:
- Kernel panic logs
- QAT driver error messages
- Cryptographic operation failures
Network Indicators:
- None - local vulnerability
SIEM Query:
source="kernel" AND ("panic" OR "oops") AND "qat"